Date:      Tue, 12 Sep 2000 11:32:39 -0700
From:      Brooks Davis <brooks@one-eyed-alien.net>
To:        Peter Avalos <pavalos@theshell.com>
Cc:        David Wolfskill <dhw@whistle.com>, "freebsd-security@FreeBSD. ORG" <freebsd-security@FreeBSD.ORG>
Subject:   Re: ypserv giving out encrypted passwords
Message-ID:  <20000912113239.B31617@Odin.AC.HMC.Edu>
In-Reply-To: <AAEMIFFLKPKLAOJHJANHIEKNCEAA.pavalos@theshell.com>; from pavalos@theshell.com on Tue, Sep 12, 2000 at 11:20:22AM -0500
References:  <200009121503.IAA31586@pau-amma.whistle.com> <AAEMIFFLKPKLAOJHJANHIEKNCEAA.pavalos@theshell.com>

On Tue, Sep 12, 2000 at 11:20:22AM -0500, Peter Avalos wrote:
> Why? That just doesn't make sense to me. The master has to give the whole
> map to the slave, and the slave server should still be acting as a server.
> It shouldn't be dealing out the encrypted passwords to non-privileged ports.

You're mistaking NIS for an intelligent protocol. ;-)  NIS does one thing
and one thing only.  Given the name of a domain and the name of a map
within that name, it returns one or more requested name value pairs from
that map.  It does nothing else and has no semantic knowledge of those
name value pairs.  FreeBSD appears to have a hack to implement shadow
passwd support, but it's definitely a non-standard hack.  The security
model for NIS consists of two things: being able to connect to the server
and knowing the domain.  That's it.

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
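
Because the server attaches no meaning to map values, as the reply above describes, whether hashes are exposed depends only on what the served map contains. The following is an added example, not part of the original message or of any FreeBSD code: a Python check that flags entries in a dump of a passwd map whose password field holds a crypt hash (or is empty) instead of a placeholder. The sample lines, hash strings and function names are constructed for illustration.

```python
import re

# Traditional DES crypt(3): 2 salt chars + 11 hash chars from [./0-9A-Za-z].
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")
# Modular crypt format: $id$salt$hash (for example $1$ for MD5-crypt).
MODULAR_CRYPT = re.compile(r"^\$[0-9a-z-]+\$.+")

# Constructed sample of a passwd map dump; the hash strings are not real hashes.
SAMPLE = """\
alice:ab0123456789A:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:1002:Bob:/home/bob:/bin/sh
carol:$1$saltsalt$notARealHashConstructed0:1003:1003:Carol:/home/carol:/bin/csh
dave::1004:1004:Dave:/home/dave:/bin/sh
"""

def classify(pw_field):
    """Return a finding string for a password field, or None for a placeholder."""
    if pw_field == "":
        return "empty password"
    if MODULAR_CRYPT.match(pw_field):
        return "modular-crypt hash"
    if DES_CRYPT.match(pw_field):
        return "DES crypt hash"
    return None  # placeholder such as "*" or "x": nothing to crack offline

def audit_passwd_map(dump):
    """Return (line_no, login, finding) for every entry that needs attention."""
    findings = []
    for n, line in enumerate(dump.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        fields = line.split(":")
        # passwd(5) has 7 colon-separated fields, master.passwd has 10.
        if len(fields) < 7:
            findings.append((n, fields[0], "malformed entry"))
            continue
        finding = classify(fields[1])
        if finding:
            findings.append((n, fields[0], finding))
    return findings

if __name__ == "__main__":
    for line_no, login, finding in audit_passwd_map(SAMPLE):
        print(f"line {line_no}: {login}: {finding}")
```

To audit a real domain, feed the function the text that `ypcat passwd` prints when run from an ordinary client account; any finding means the hashes are readable by every host that can reach the server and knows the domain name.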

